CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49334 – mm/huge_memory: Fix xarray node memory leak
https://notcve.org/view.php?id=CVE-2022-49334
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: Fix xarray node memory leak If xas_split_alloc() fails to allocate the necessary nodes to complete the xarray entry split, it sets the xa_state to -ENOMEM, which xas_nomem() then interprets as "Please allocate more memory", not as "Please free any unnecessary memory" (which was the intended outcome). It's confusing to use xas_nomem() to free memory in this context, so call xas_destroy() instead. In the Linux kernel, the foll... • https://git.kernel.org/stable/c/6b24ca4a1a8d4ee3221d6d44ddbb99f542e4bda3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49333 – net/mlx5: E-Switch, pair only capable devices
https://notcve.org/view.php?id=CVE-2022-49333
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, pair only capable devices OFFLOADS paring using devcom is possible only on devices that support LAG. Filter based on lag capabilities. This fixes an issue where mlx5_get_next_phys_dev() was called without holding the interface lock. This issue was found when commit bc4c2f2e0179 ("net/mlx5: Lag, filter non compatible devices") added an assert that verifies the interface lock is held. WARNING: CPU: 9 PID: 1706 at drivers/n... • https://git.kernel.org/stable/c/dd3fddb82780bfa24124834edd90bbc63bd689cc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49332 – scsi: lpfc: Address NULL pointer dereference after starget_to_rport()
https://notcve.org/view.php?id=CVE-2022-49332
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Calls to starget_to_rport() may return NULL. Add check for NULL rport before dereference. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Calls to starget_to_rport() may return NULL. Add check for NULL rport before dereference. • https://git.kernel.org/stable/c/bb21fc9911eea92afd476f7e64b327716e042a25 •
CVSS: 5.6EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49331 – nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
https://notcve.org/view.php?id=CVE-2022-49331
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() to those failure paths. In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() to those failure paths. • https://git.kernel.org/stable/c/26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49330 – tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
https://notcve.org/view.php?id=CVE-2022-49330
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd syzbot got a new report [1] finally pointing to a very old bug, added in initial support for MTU probing. tcp_mtu_probe() has checks about starting an MTU probe if tcp_snd_cwnd(tp) >= 11. But nothing prevents tcp_snd_cwnd(tp) to be reduced later and before the MTU probe succeeds. This bug would lead to potential zero-divides. Debugging added in commit 40570375356c ("tcp: add accessors to rea... • https://git.kernel.org/stable/c/5d424d5a674f782d0659a3b66d951f412901faee •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49329 – vduse: Fix NULL pointer dereference on sysfs access
https://notcve.org/view.php?id=CVE-2022-49329
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: vduse: Fix NULL pointer dereference on sysfs access The control device has no drvdata. So we will get a NULL pointer dereference when accessing control device's msg_timeout attribute via sysfs: [ 132.841881][ T3644] BUG: kernel NULL pointer dereference, address: 00000000000000f8 [ 132.850619][ T3644] RIP: 0010:msg_timeout_show (drivers/vdpa/vdpa_user/vduse_dev.c:1271) [ 132.869447][ T3644] dev_attr_show (drivers/base/core.c:2094) [ 132.8702... • https://git.kernel.org/stable/c/c8a6153b6c59d95c0e091f053f6f180952ade91e •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49328 – mt76: fix use-after-free by removing a non-RCU wcid pointer
https://notcve.org/view.php?id=CVE-2022-49328
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mt76: fix use-after-free by removing a non-RCU wcid pointer Fixes an issue caught by KASAN about use-after-free in mt76_txq_schedule by protecting mtxq->wcid with rcu_lock between mt76_txq_schedule and sta_info_[alloc, free]. [18853.876689] ================================================================== [18853.876751] BUG: KASAN: use-after-free in mt76_txq_schedule+0x204/0xaf8 [mt76] [18853.876773] Read of size 8 at addr ffffffaf989a2138... • https://git.kernel.org/stable/c/7bc04215a66b60e198aecaee8418f6d79fa19faa • CWE-416: Use After Free •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49327 – bcache: avoid journal no-space deadlock by reserving 1 journal bucket
https://notcve.org/view.php?id=CVE-2022-49327
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: avoid journal no-space deadlock by reserving 1 journal bucket The journal no-space deadlock was reported time to time. Such deadlock can happen in the following situation. When all journal buckets are fully filled by active jset with heavy write I/O load, the cache set registration (after a reboot) will load all active jsets and inserting them into the btree again (which is called journal replay). If a journaled bkey is inserted int... • https://git.kernel.org/stable/c/59afd4f287900c8187e968a4153ed35e6b48efce •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49326 – rtl818x: Prevent using not initialized queues
https://notcve.org/view.php?id=CVE-2022-49326
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtl818x: Prevent using not initialized queues Using not existing queues can panic the kernel with rtl8180/rtl8185 cards. Ignore the skb priority for those cards, they only have one tx queue. Pierre Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum: https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html He also confirmed that this patch fixes the issue. In summary this happened: After updating... • https://git.kernel.org/stable/c/b5dca2cd3f0239512da808598b4e70557eb4c2a1 •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49325 – tcp: add accessors to read/set tp->snd_cwnd
https://notcve.org/view.php?id=CVE-2022-49325
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with code breaking the assumption that tp->snd_cwnd is greater than zero. Lately, syzbot reported the WARN_ON_ONCE(!tp->prior_cwnd) added in commit 8b8a321ff72c ("tcp: fix zero cwnd in tcp_cwnd_reduction") can trigger, and without a repro we would have to spend considerable time finding the bug. Instead of complaining too late, we want to catch where and when tp-... • https://git.kernel.org/stable/c/3308676ec525901bf1656014003c443a60730a04 •